Prosím o kontrolu logu - přehřívání a zpomalení připojení

[norris.chuck]

Logfile of random's system information tool 1.08 (written by random/random)
Dobrý den, posílám log....

Run by Radka at 2011-06-14 21:58:26
Microsoft Windows 7 Ultimate
System drive C: has 97 GB (64%) free of 153 GB
Total RAM: 959 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:58:52, on 14.6.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Radka\Downloads\RSIT.exe
C:\Program Files\trend micro\Radka.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 1341 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2011-05-10 6789504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2009-03-06 13605408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2009-03-06 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\Radka\AppData\Roaming\QipGuard\QipGuard.exe [2011-02-01 187776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2011-06-14 21:48:33 ----D---- C:\rsit
2011-06-14 13:39:57 ----D---- C:\Program Files\Common Files\DigiDesign
2011-06-14 13:31:26 ----D---- C:\Program Files\Toontrack
2011-06-14 12:25:19 ----D---- C:\Program Files\ASIO4ALL v2
2011-06-14 12:24:58 ----A---- C:\Windows\system32\rewire.dll
2011-06-14 12:24:21 ----D---- C:\Program Files\VstPlugins
2011-06-14 12:24:18 ----D---- C:\Program Files\Outsim
2011-06-14 12:21:37 ----D---- C:\Program Files\Image-Line
2011-06-14 12:04:49 ----D---- C:\Program Files\Acoustica Shared Effects
2011-06-14 12:04:23 ----D---- C:\Program Files\Acoustica Beatcraft
2011-06-11 20:16:08 ----D---- C:\Program Files\Common Files\3DO Shared
2011-06-11 20:15:11 ----D---- C:\Program Files\directx
2011-06-11 20:08:26 ----D---- C:\Program Files\3DO
2011-06-11 14:11:02 ----D---- C:\Program Files\CDex
2011-06-10 17:01:21 ----D---- C:\Program Files\VUGames
2011-06-09 11:16:33 ----D---- C:\Program Files\Midway Home Entertainment
2011-06-05 18:29:19 ----A---- C:\Windows\wwp_game.INI
2011-06-04 18:50:54 ----D---- C:\Program Files\Empire Interactive
2011-06-01 17:26:41 ----D---- C:\Team17
2011-05-25 08:57:24 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-05-20 18:11:23 ----D---- C:\Program Files\Half-Life
2011-05-19 08:44:29 ----A---- C:\Windows\system32\poqexec.exe

======List of files/folders modified in the last 1 months======

2011-06-14 21:58:36 ----D---- C:\Windows\Temp
2011-06-14 21:58:30 ----D---- C:\Program Files\Trend Micro
2011-06-14 21:39:58 ----D---- C:\Program Files\QIP 2010
2011-06-14 14:09:33 ----RSD---- C:\Windows\Fonts
2011-06-14 14:05:05 ----SHD---- C:\System Volume Information
2011-06-14 13:39:58 ----SHD---- C:\Windows\Installer
2011-06-14 13:39:57 ----D---- C:\Program Files\Common Files
2011-06-14 13:31:26 ----RD---- C:\Program Files
2011-06-14 12:24:58 ----D---- C:\Windows\System32
2011-06-14 12:06:45 ----D---- C:\Windows
2011-06-14 08:54:55 ----D---- C:\Windows\system32\config
2011-06-14 08:36:36 ----D---- C:\Windows\system32\catroot2
2011-06-14 08:36:36 ----D---- C:\Windows\system32\catroot
2011-06-14 08:33:20 ----D---- C:\Windows\winsxs
2011-06-13 14:35:49 ----D---- C:\Users\Radka\AppData\Roaming\Media Player Classic
2011-06-11 20:09:17 ----D---- C:\Windows\inf
2011-06-11 20:09:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-11 17:30:56 ----D---- C:\Windows\Prefetch
2011-06-11 17:14:55 ----D---- C:\Users\Radka\AppData\Roaming\uTorrent
2011-06-11 14:12:48 ----D---- C:\Program Files\Common Files\microsoft shared
2011-06-04 18:50:54 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-01 17:26:33 ----D---- C:\Program Files\Common Files\InstallShield
2011-06-01 17:15:08 ----D---- C:\Windows\system32\drivers
2011-06-01 17:14:57 ----D---- C:\Windows\system32\drivers\UMDF
2011-05-24 11:25:26 ----D---- C:\Program Files\Mount&Blade Warband
2011-05-23 17:31:51 ----D---- C:\Users\Radka\AppData\Roaming\Mount&Blade Warband
2011-05-22 19:03:13 ----D---- C:\Windows\Minidump
2011-05-22 19:03:13 ----D---- C:\Windows\debug
2011-05-20 18:21:26 ----D---- C:\Windows\system32\NDF
2011-05-20 08:36:34 ----A---- C:\Windows\system32\MRT.exe
2011-05-16 08:25:13 ----D---- C:\ProgramData\Microsoft Help
2011-05-16 08:17:35 ----D---- C:\Users\Radka\AppData\Roaming\Hamachi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nhcDriverDevice;Notebook Hardware Control Driver; C:\Windows\system32\drivers\nhcDriver.sys [2011-02-06 71680]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-14 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-07 1059112]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 12032]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 at59e7k0;at59e7k0; C:\Windows\system32\drivers\at59e7k0.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-05-09 25280]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\Windows\system32\DRIVERS\w800bus.sys [2005-06-13 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\w800mdfl.sys [2005-06-13 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\Windows\system32\DRIVERS\w800mdm.sys [2005-06-13 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\Windows\system32\DRIVERS\w800mgmt.sys [2005-06-13 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\Windows\system32\DRIVERS\w800obex.sys [2005-06-13 85664]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-06 203296]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-09 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-09 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-21 1343400]

-----------------EOF-----------------


Děkuji

[chodnik74]

Dobrý večer
hned se na to podíváme,pokud tam nebude nic nemožného pane Chucku

[norris.chuck]

Díky moc ... jen se divím, že tu ještě tahle přezdívka není

[chodnik74]

Aktualizace Service Pack 1 + IE 9

Ten log je kompletní jak se vám zobrazil nebo jste každý druhý řádek smazal?

[norris.chuck]

Díky moc. Ten log je kompletní vůbec sem do něj nezasahoval. Chybí tam něco?

[chodnik74]

V klidu mrkněte na ostatní logy a v kombinaci s vaší přezdívkou mě napadlo jediné: jedině chuck norris vloží log,ve kterém jsou jen škodlivé položky
Ale stop srandy..pokračujeme dále..

Stáhneme si na Plochu program OTL

• Spustíme soubor OTL.exe (pokud máte Windows Vista nebo Windows 7,tak na soubor klikněte pravým tlačítkem myši a dejte ,,Spustit jako správce,,)
• Pokud používáte 64 bitový systém,zaškrkněte volbu Pro 64 bitové OS,pokud ne,tak by měla být nezaškrknutá
• Zaškrkněte okýnko Pro všechny uživatele,Kontrola havět "LOP",Kontrola havět "Purity"
• Staří souborů změňte z 30 dnů na 7 dnů
• Do spodního okýnka Vlastní skenování/opravy vložte následující script:

  Kód: Vybrat vše

  netsvcs
  drivers32
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  c:\windows\*.* /U
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  /md5start
  adp3132.sys
  AGP440.sys
  ahcix86.sys
  ahcix86s.sys
  atapi.sys
  autochk.exe
  cdrom.sys
  cngaudit.dll
  cryptsvc.dll
  eNetHook.dll
  eventlog.dll
  explorer.exe
  hal.dll
  Changer.sys
  iaStor.sys
  iastorv.sys
  IdeChnDr.sys
  isapnp.sys
  JakNDis.sys
  KR10N.sys
  logevent.dll
  lsass.exe
  mv61xx.sys
  ndis.sys
  netlogon.dll
  ntelogon.dll
  nvata.sys
  nvatabus.sys
  nvgts.sys
  nvraid.sys
  nvrd32.sys
  nvstor.sys
  nvstor32.sys
  scecli.dll
  sceclt.dll
  smss.exe
  svchost.exe
  symmpi.sys
  tcpip.sys
  userinit.exe
  vaxscsi.sys
  viamraid.sys
  viasraid.sys
  ViPrt.sys
  winlogon.exe
  ws2_32.dll
  /md5stop
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  CREATERESTOREPOINT
  

• Klikněte na tlačítko Prohledat
• Po dokončení skenu,který trvá mezi 5-15 minuty se vám zobrazý dva logy OTL.txt a Extras.txt a ty mě sem vložte

[chodnik74]

Pro dnešek končím Takže zatím udělejte OTL a zítra pokračujeme Dobrou noc

[norris.chuck]

Díky za pomoc, ještě to běží dobrou noc

[norris.chuck]

OTL logfile created on: 14.6.2011 22:30:48 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Radka\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

958,93 Mb Total Physical Memory | 122,96 Mb Available Physical Memory | 12,82% Memory free
1,94 Gb Paging File | 0,84 Gb Available in Paging File | 43,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 96,30 Gb Free Space | 64,61% Space Free | Partition Type: NTFS

Computer Name: RADKA-PC | User Name: Radka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.06.14 22:29:05 | 000,463,120 | ---- | M] (Microsoft Corporation) -- C:\775787e4195e9533f41a68f0073f6bab\spinstall.exe
PRC - [2011.06.14 22:28:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Radka\Downloads\OTL.exe
PRC - [2011.06.06 07:28:58 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.16 03:37:00 | 017,685,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\spclite.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2011.06.14 22:28:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Radka\Downloads\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.08.21 03:01:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.05.09 19:41:58 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.02.06 17:52:30 | 000,071,680 | ---- | M] (Notebook Hardware Control) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2010.03.14 00:14:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.07.27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.20 15:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009.03.06 12:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.03.04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.03.07 05:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.17 00:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005.06.13 11:08:36 | 000,085,664 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800obex.sys -- (w800obex)
DRV - [2005.06.13 11:06:58 | 000,087,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2005.06.13 11:05:16 | 000,096,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2005.06.13 11:05:08 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2005.06.13 11:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/






IE - HKU\S-1-5-21-2853015108-4021131976-3144812556-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-2853015108-4021131976-3144812556-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2853015108-4021131976-3144812556-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010.04.23 11:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\14he8con.default\extensions

O1 HOSTS File: ([2011.05.08 12:24:30 | 000,433,994 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14934 more lines...
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2853015108-4021131976-3144812556-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2853015108-4021131976-3144812556-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.91.144.100 212.80.67.98
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e1870fa9-2eed-11df-8af6-002494b9743c}\Shell - "" = AutoRun
O33 - MountPoints2\{e1870fa9-2eed-11df-8af6-002494b9743c}\Shell\AutoRun\command - "" = E:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{e1870fa9-2eed-11df-8af6-002494b9743c}\Shell\instDX\command - "" = E:\directX\dxsetup.exe
O33 - MountPoints2\{e1870fa9-2eed-11df-8af6-002494b9743c}\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\D\Shell\instDX\command - "" = D:\directX\dxsetup.exe
O33 - MountPoints2\D\Shell\readme\command - "" = notepad readme.txt
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)


========== Files/Folders - Created Within 7 Days ==========

[2011.06.14 22:30:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.06.14 22:29:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.06.14 22:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011.06.14 21:48:33 | 000,000,000 | ---D | C] -- C:\rsit
[2011.06.14 13:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DigiDesign
[2011.06.14 13:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Toontrack
[2011.06.14 12:28:41 | 000,000,000 | ---D | C] -- C:\Users\Radka\Crack
[2011.06.14 12:25:19 | 000,000,000 | ---D | C] -- C:\Users\Radka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011.06.14 12:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2011.06.14 12:24:58 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2011.06.14 12:24:55 | 000,000,000 | ---D | C] -- C:\Users\Radka\Documents\Image-Line
[2011.06.14 12:24:39 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011.06.14 12:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2011.06.14 12:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011.06.14 12:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011.06.14 12:04:55 | 000,000,000 | ---D | C] -- C:\Users\Radka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acoustica Beatcraft
[2011.06.14 12:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica Beatcraft
[2011.06.14 12:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Shared Effects
[2011.06.14 12:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Beatcraft
[2011.06.11 20:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
[2011.06.11 20:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\3DO Shared
[2011.06.11 20:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011.06.11 20:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\3DO
[2011.06.11 14:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
[2011.06.11 14:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\CDex
[2011.06.10 17:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\VUGames
[2011.06.09 14:09:22 | 000,000,000 | ---D | C] -- C:\Users\Radka\AppData\Local\DFH
[2011.06.09 14:09:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011.06.09 14:09:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2011.06.09 14:09:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011.06.09 13:59:06 | 000,000,000 | ---D | C] -- C:\Users\Radka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Midway Home Entertainment
[2011.06.09 11:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Midway Home Entertainment

========== Files - Modified Within 7 Days ==========

[2011.06.14 22:34:18 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.14 22:32:00 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.14 22:32:00 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.14 21:57:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.14 12:25:19 | 000,001,100 | ---- | M] () -- C:\Users\Radka\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011.06.14 12:04:55 | 000,000,977 | ---- | M] () -- C:\Users\Radka\Desktop\Beatcraft.lnk
[2011.06.14 08:21:26 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.13 22:01:57 | 754,126,848 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.11 20:16:52 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Might and Magic III Complete.lnk
[2011.06.11 20:13:49 | 000,001,562 | ---- | M] () -- C:\Users\Radka\Desktop\HEROES3 – zástupce.lnk
[2011.06.11 20:09:17 | 000,631,292 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2011.06.11 20:09:17 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.11 20:09:17 | 000,121,914 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2011.06.11 20:09:17 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.10 17:06:53 | 000,001,391 | ---- | M] () -- C:\Users\Radka\Desktop\SWAT 4 - The Stetchkov Syndicate.lnk
[2011.06.10 17:06:53 | 000,001,319 | ---- | M] () -- C:\Users\Radka\Desktop\SWAT 4.lnk
[2011.06.09 14:09:21 | 000,002,601 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2011.06.09 14:09:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys2.bmp
[2011.06.09 14:09:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys1.bmp
[2011.06.09 13:59:09 | 000,001,928 | ---- | M] () -- C:\Users\Radka\Desktop\Rise And Fall.lnk
[2011.06.08 07:54:21 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011.06.14 12:25:19 | 000,001,100 | ---- | C] () -- C:\Users\Radka\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011.06.14 12:04:55 | 000,000,977 | ---- | C] () -- C:\Users\Radka\Desktop\Beatcraft.lnk
[2011.06.11 20:16:52 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Might and Magic III Complete.lnk
[2011.06.11 20:13:49 | 000,001,562 | ---- | C] () -- C:\Users\Radka\Desktop\HEROES3 – zástupce.lnk
[2011.06.10 17:06:53 | 000,001,391 | ---- | C] () -- C:\Users\Radka\Desktop\SWAT 4 - The Stetchkov Syndicate.lnk
[2011.06.10 17:06:53 | 000,001,319 | ---- | C] () -- C:\Users\Radka\Desktop\SWAT 4.lnk
[2011.06.09 14:09:15 | 000,002,601 | ---- | C] () -- C:\Users\Public\Documents\Global.sw2
[2011.06.09 14:09:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys2.bmp
[2011.06.09 14:09:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys1.bmp
[2011.06.09 13:59:09 | 000,001,928 | ---- | C] () -- C:\Users\Radka\Desktop\Rise And Fall.lnk
[2011.06.05 18:29:19 | 000,000,083 | ---- | C] () -- C:\Windows\wwp_game.INI
[2011.04.28 12:30:16 | 000,007,598 | ---- | C] () -- C:\Users\Radka\AppData\Local\Resmon.ResmonCfg
[2011.04.20 19:19:47 | 000,060,416 | ---- | C] () -- C:\Windows\System32\rbap350.dll
[2011.03.09 23:22:25 | 006,294,528 | ---- | C] () -- C:\Windows\System32\MediaIO1.dll
[2011.03.09 23:22:24 | 009,974,784 | ---- | C] () -- C:\Windows\System32\MioPlayer2.dll
[2011.02.13 13:33:07 | 000,006,144 | ---- | C] () -- C:\Users\Radka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.28 09:40:06 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.07 22:19:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.13 17:01:14 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.04.29 01:32:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.03.14 00:05:13 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.07.14 10:44:22 | 000,631,292 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2009.07.14 10:44:22 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2009.07.14 10:44:22 | 000,121,914 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2009.07.14 10:44:22 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,410,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.06.14 04:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011.02.08 15:24:27 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\AnvSoft
[2010.03.14 00:16:41 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\DAEMON Tools Lite
[2010.04.11 17:39:04 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Leadertech
[2011.02.17 14:06:58 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Mount&Blade
[2011.05.23 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Mount&Blade Warband
[2011.02.06 17:52:29 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Notebook Hardware Control
[2010.03.14 00:00:16 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Opera
[2011.02.21 16:19:12 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\QipGuard
[2011.04.11 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\UBitMenu
[2011.06.11 17:14:55 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\uTorrent
[2009.07.14 06:53:46 | 000,018,954 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.12.07 21:55:50 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Adobe
[2011.02.08 15:24:27 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\AnvSoft
[2010.03.14 00:16:41 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\DAEMON Tools Lite
[2011.05.16 08:17:35 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Hamachi
[2010.03.13 23:47:26 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Identities
[2010.03.14 00:04:54 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\InstallShield
[2010.04.11 17:39:04 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Leadertech
[2010.03.14 01:24:32 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Macromedia
[2009.07.14 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Media Center Programs
[2011.06.13 14:35:49 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Media Player Classic
[2011.05.08 11:26:03 | 000,000,000 | --SD | M] -- C:\Users\Radka\AppData\Roaming\Microsoft
[2011.02.17 14:06:58 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Mount&Blade
[2011.05.23 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Mount&Blade Warband
[2010.10.07 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Mozilla
[2011.02.06 17:52:29 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Notebook Hardware Control
[2010.03.14 00:00:16 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Opera
[2011.02.21 16:19:12 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\QipGuard
[2011.02.07 12:25:43 | 000,000,000 | RH-D | M] -- C:\Users\Radka\AppData\Roaming\SecuROM
[2010.10.07 23:08:26 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\Skype
[2010.10.07 22:19:04 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\skypePM
[2011.04.11 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\UBitMenu
[2011.06.11 17:14:55 | 000,000,000 | ---D | M] -- C:\Users\Radka\AppData\Roaming\uTorrent

< %APPDATA%\*.exe /s >
[2011.06.14 13:39:58 | 000,003,128 | R--- | M] () -- C:\Users\Radka\AppData\Roaming\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
[2011.05.08 11:26:03 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Radka\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.05.18 12:00:46 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Radka\AppData\Roaming\Microsoft\Installer\{A56C2090-F03D-40F5-A4DC-1A75291B2833}\ARPPRODUCTICON.exe
[2011.02.01 12:45:16 | 000,187,776 | ---- | M] (QIP.ru) -- C:\Users\Radka\AppData\Roaming\QipGuard\QipGuard.exe
[2011.04.11 15:12:37 | 000,695,642 | ---- | M] () -- C:\Users\Radka\AppData\Roaming\UBitMenu\unins000.exe


< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010.11.20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010.11.20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010.11.20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011.03.11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011.03.11 07:28:10 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
[2011.03.11 07:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\System32\drivers\nvraid.sys
[2011.03.11 07:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvraid.sys
[2011.03.11 07:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvraid.sys
[2011.03.11 07:52:25 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=FCD5C3542A85EEBA7D0833B7E5086C10 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.03.14 00:14:14 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.06.14 22:32:00 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.14 22:32:00 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

< End of report >

[norris.chuck]

OTL Extras logfile created on: 14.6.2011 22:30:48 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Radka\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

958,93 Mb Total Physical Memory | 122,96 Mb Available Physical Memory | 12,82% Memory free
1,94 Gb Paging File | 0,84 Gb Available in Paging File | 43,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 96,30 Gb Free Space | 64,61% Space Free | Partition Type: NTFS

Computer Name: RADKA-PC | User Name: Radka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2853015108-4021131976-3144812556-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022F6097-A053-4B1B-BE50-3AADE4116B92}" = Opera 10.50
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CE93AD7-1548-4127-A203-ED55B1671B90}" = Warrior Kings - Battles
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{A56C2090-F03D-40F5-A4DC-1A75291B2833}" = Operation Flashpoint BAS Addon Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.4 - Czech
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1" = UBitMenu UK
"7-Zip" = 7-Zip 4.65
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Addon-y" = Addon-y
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any Audio Converter_is1" = Any Audio Converter 3.0.7
"ASIO4ALL" = ASIO4ALL
"aTube Catcher" = aTube Catcher
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Half-Life_is1" = Half-Life
"Hamachi" = Hamachi 1.0.3.0
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"In-Tune Multi-Instrument Tuner v1.97_is1" = In-Tune Multi-Instrument Tuner v1.97
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mount&Blade Warband" = Mount&Blade Warband
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Operácia JANTÁR" = Operácia JANTÁR
"PowerISO" = PowerISO
"Rise And Fall" = Rise And Fall (remove only)
"Sony Ericsson W800" = Sony Ericsson W800 Software
"SWAT 4 1.1" = SWAT 4 1.1
"uTorrent" = µTorrent
"Webcam and Screen Recorder_is1" = Webcam and Screen Recorder 1.0
"Windows Movie Maker" = Windows Movie Maker
"WinRAR archiver" = Archivátor WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2853015108-4021131976-3144812556-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2010" = QIP 2010 3.1.5488
"QipGuard" = QIP Internet Guardian

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10.6.2011 6:03:35 | Computer Name = Radka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: qip.exe, verze: 3.0.0.5488, časové razítko:
0x2a425e19 Název chybujícího modulu: MRA.dll, verze: 1.0.0.4, časové razítko: 0x2a425e19
Kód
výjimky: 0xc0000005 Posun chyby: 0x0000339e ID chybujícího procesu: 0x10c0 Čas spuštění
chybující aplikace: 0x01cc273fd673d4c0 Cesta k chybující aplikaci: C:\Program Files\QIP
2010\qip.exe Cesta k chybujícímu modulu: C:\Program Files\QIP 2010\Protos\MRA\MRA.dll
ID
zprávy: e6e96a20-9348-11e0-8325-001e6815feee

Error - 10.6.2011 10:09:52 | Computer Name = Radka-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\spybot - search
& destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\spybot - search & destroy\DelZip179.dll na řádku 8. Hodnota * atributu language
v prvku assemblyIdentity je neplatná.

Error - 11.6.2011 5:32:40 | Computer Name = Radka-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 11.6.2011 15:17:38 | Computer Name = Radka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: HEROES3.EXE, verze: 4.0.0.0, časové razítko:
0x31313931 Název chybujícího modulu: MP3DEC.ASI, verze: 3.0.0.0, časové razítko:
0x36910efa Kód výjimky: 0xc0000005 Posun chyby: 0x000076f1 ID chybujícího procesu:
0xe7c Čas spuštění chybující aplikace: 0x01cc28647efe56e0 Cesta k chybující aplikaci:
C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE Cesta k chybujícímu modulu: C:\Program
Files\3DO\Heroes 3 Complete\MP3DEC.ASI ID zprávy: 77f9d2e0-945f-11e0-bc2b-001e6815feee

Error - 11.6.2011 16:05:29 | Computer Name = Radka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: HEROES3.EXE, verze: 4.0.0.0, časové razítko:
0x31313931 Název chybujícího modulu: MP3DEC.ASI, verze: 3.0.0.0, časové razítko:
0x36910efa Kód výjimky: 0xc0000005 Posun chyby: 0x000076f1 ID chybujícího procesu:
0x77c Čas spuštění chybující aplikace: 0x01cc286c45bac9b0 Cesta k chybující aplikaci:
C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE Cesta k chybujícímu modulu: C:\Program
Files\3DO\Heroes 3 Complete\MP3DEC.ASI ID zprávy: 2763c5a0-9466-11e0-bc2b-001e6815feee

Error - 12.6.2011 5:10:42 | Computer Name = Radka-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: HEROES3.EXE, verze: 4.0.0.0, časové razítko:
0x31313931 Název chybujícího modulu: MP3DEC.ASI, verze: 3.0.0.0, časové razítko:
0x36910efa Kód výjimky: 0xc0000005 Posun chyby: 0x000076f1 ID chybujícího procesu:
0x9b0 Čas spuštění chybující aplikace: 0x01cc28de832c21a0 Cesta k chybující aplikaci:
C:\Program Files\3DO\Heroes 3 Complete\HEROES3.EXE Cesta k chybujícímu modulu: C:\Program
Files\3DO\Heroes 3 Complete\MP3DEC.ASI ID zprávy: d8d123b0-94d3-11e0-bc2b-001e6815feee

Error - 13.6.2011 4:05:32 | Computer Name = Radka-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 14.6.2011 2:41:15 | Computer Name = Radka-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 14.6.2011 6:26:59 | Computer Name = Radka-PC | Source = Application Hang | ID = 1002
Description = Program FL.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: 9a8 Čas
spuštění: 01cc2a7d89d7c680 Čas ukončení: 42 Cesta k aplikaci: C:\Program Files\Image-Line\FL
Studio 9\FL.exe ID hlášení: d1310871-9670-11e0-80a2-001e6815feee

Error - 14.6.2011 8:11:24 | Computer Name = Radka-PC | Source = Application Hang | ID = 1002
Description = Program setup.exe verze 0.0.2.623 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
a60 Čas spuštění: 01cc2a8be67bb730 Čas ukončení: 18 Cesta k aplikaci: C:\Users\Radka\Downloads\steinberg-cubase-sx-v3-0-2-623-h2o\Steinberg.Cubase.SX.v3.0.2.623-H2O\setup.exe

ID
hlášení: 64b45df1-967f-11e0-80a2-001e6815feee

[ Media Center Events ]
Error - 11.1.2011 3:49:18 | Computer Name = Radka-PC | Source = MCUpdate | ID = 0
Description = 8:49:18 - Chyba při připojování k Internetu 8:49:18 - Nelze kontaktovat
server..

Error - 31.3.2011 3:31:25 | Computer Name = Radka-PC | Source = MCUpdate | ID = 0
Description = 9:31:25 - Chyba při připojování k Internetu 9:31:25 - Nelze kontaktovat
server..

[ System Events ]
Error - 29.3.2011 3:55:56 | Computer Name = Radka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR8.

Error - 29.3.2011 3:55:57 | Computer Name = Radka-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR8.

Error - 29.3.2011 9:03:42 | Computer Name = Radka-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Došlo k závažné chybě hardwaru. Ohlášeno součástí: Jádro procesoru Zdroj
chyby: 3 Typ chyby: 256 ID procesoru: 1 Další informace jsou obsaženy v podrobném
zobrazení tohoto záznamu.

Error - 29.3.2011 9:03:42 | Computer Name = Radka-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Došlo k závažné chybě hardwaru. Ohlášeno součástí: Jádro procesoru Zdroj
chyby: 3 Typ chyby: 256 ID procesoru: 1 Další informace jsou obsaženy v podrobném
zobrazení tohoto záznamu.

Error - 29.3.2011 13:50:36 | Computer Name = Radka-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Firmware platformy při předchozím přechodu systémového napájení poškodil
paměť. Zkontrolujte dostupnost aktualizovaného firmwaru pro váš systém.

Error - 31.3.2011 8:38:48 | Computer Name = Radka-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Došlo k závažné chybě hardwaru. Ohlášeno součástí: Jádro procesoru Zdroj
chyby: 3 Typ chyby: 256 ID procesoru: 1 Další informace jsou obsaženy v podrobném
zobrazení tohoto záznamu.

Error - 31.3.2011 8:38:50 | Computer Name = Radka-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Došlo k závažné chybě hardwaru. Ohlášeno součástí: Jádro procesoru Zdroj
chyby: 3 Typ chyby: 256 ID procesoru: 1 Další informace jsou obsaženy v podrobném
zobrazení tohoto záznamu.

Error - 31.3.2011 8:38:50 | Computer Name = Radka-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Došlo k závažné chybě hardwaru. Ohlášeno součástí: Jádro procesoru Zdroj
chyby: 3 Typ chyby: 256 ID procesoru: 1 Další informace jsou obsaženy v podrobném
zobrazení tohoto záznamu.

Error - 31.3.2011 10:01:44 | Computer Name = Radka-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Firmware platformy při předchozím přechodu systémového napájení poškodil
paměť. Zkontrolujte dostupnost aktualizovaného firmwaru pro váš systém.

Error - 2.4.2011 5:43:15 | Computer Name = Radka-PC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby lmhosts bylo dosaženo časového
limitu (30000 ms).


< End of report >

[chodnik74]

Odinstalujte Spybot - Search & Destroy a nainstalujte SUPERAntispyware,který používejte 1x14 dní jako preventivní sken
Nevidím žádný antivir..


Stáhneme si na Plochu program OTL

• Spustíme soubor OTL.exe (pokud máte Windows Vista nebo Windows 7,tak na soubor klikněte pravým tlačítkem myši a dejte ,,Spustit jako správce,,)
• Do dolního okna Vlastní skenování/opravy vložíme následující skript a stiskneme tlačítko Opravit
  

  Kód: Vybrat vše

  :otl
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
  IE - HKU\S-1-5-21-2853015108-4021131976-3144812556-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKU\S-1-5-21-2853015108-4021131976-3144812556-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
  
  :commands
  [emptytemp]
  [resethosts]
  
  

• Po restartu pc se vám objeví log z OTL,ten mi sem prosím vložte..

[norris.chuck]

Zdravím Vás, takže nainstaloval jsem všechny ty aktualizace, stáhnul antispyware a posílám log z OTL, doufám že sem ho dobře nastavil, nechal sem to jako to bylo včera.


All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2853015108-4021131976-3144812556-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2853015108-4021131976-3144812556-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Radka
->Temp folder emptied: 15401868 bytes
->Temporary Internet Files folder emptied: 3052190 bytes
->Google Chrome cache emptied: 380082703 bytes
->Opera cache emptied: 6493721 bytes
->Flash cache emptied: 8256 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1584806 bytes
RecycleBin emptied: 4013883927 bytes

Total Files Cleaned = 4 216,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.0 log created on 06152011_100834

Files\Folders moved on Reboot...
C:\Windows\temp\TMP00000001AB62D64EEB38422A moved successfully.
File\Folder C:\Windows\temp\TMP0000005DF815B4E720727A63 not found!
File\Folder C:\Windows\temp\TMP0000005E61CF65C426D5F48C not found!

Registry entries deleted on Reboot...

[chodnik74]

Nainstaloval jste antivirus?

• Antivir + firewall
• Doporučené zabezpečení systému naleznete ZDE
  avast! Free Antivirus

Podle mě postačí Avast pokud nejste hovádko

[norris.chuck]

Už se mi instaluje Avast a Zone alarm free.

[chodnik74]

Výborně počkám...